Chinese Spies May Have Tried to Impersonate Journalist Bruce Stokes

Virus-bearing messages were sent in his name from a fake account.

While the candid characterizations of foreign leaders by diplomats (“thin-skinned” Nicolas Sarkozy,“corrupt” Vladimir Putin) have received much of the attention from the recent WikiLeaks document dump, hidden in the flood of cables are behind-the-scenes dramas involving Washington power players.

National Journal’sBruce Stokes learned in the documents that, while he was the magazine’s international-economics correspondent, he was unknowingly the central character in an apparent Chinese espionage plot.

Advertisement

In 2009, five State Department employees who were negotiating with China on reducing greenhouse-gas emissions evidently received e-mails bearing Stokes’s name and contact information. The subject line of his purported messages—“China and Climate Change”—was germane and innocuous enough to pass as a journalist’s query. For good measure, Stokes’s cyber-imitator included comments in the e-mails related to the recipients’ jobs, according to a State Department cable documenting the incident. The e-mails, though, weren’t from the offices of National Journal. Instead they were a ruse known as “spear phishing,” in which the sender imitates someone the recipients may know, luring them to open the message and any attachments, which usually contain a computer virus.

Stokes was a well-thought-out target: He has connections to the diplomatic corps—including his wife, Wendy Sherman, the Clinton administration’s policy coordinator on North Korea and now a principal at the Albright Stonebridge Group—and he has known the US climate-change envoy, Todd Stern, for years.

The e-mails that seemed to come from Stokes contained a virus that, if opened, would have burrowed an electronic tunnel to the host computer, letting the intruder root around in the owner’s files and siphon off copies.

Whether anyone opened the attachments is unclear. The State Department cable describing the incident says the targeted computers were using an electronic “patch” that would have blocked the infection.

Striking a diplomatic tone in the cable, the State Department stops short of blaming China for the attempted theft. But the cable notes that at the same time the United States and China were “conducting specific negotiations” on greenhouse-gas emissions, “evidence of an attempt to gain unauthorized entry to computer systems operated by [State Department] personnel involved with climate change issues has surfaced.” What a coincidence!

National Journal editor Charlie Green was alerted to the incident not by the government but by his son, who saw the reference in the WikiLeaks coverage, which named only the publication involved, not the reporter. “I see that the Chinese government is using your magazine as a tool for international espionage,” he wrote his dad in an e-mail.

Green then e-mailed the news to National Journal columnists past and present. By the process of elimination, the field was barrowed down to Stokes.

If imitation is the sincerest form of flattery, is “spear phishing” now the greatest compliment a government can give a reporter?

This article first appeared in the February 2011 issue of The Washingtonian.